Brian D. wrote:
I can't find where I read it originally, but somewhere I've been told or read that "using $_REQUEST is bad form." I understand that in cases where you want to force a $_POST request, but if you might receive $_GET or $_POST then isn't is better than doing if/elses?
Others have already pointed out that for reliability sake, $_POST and $_GET give you direct access to user supplied data before some other process has interfered with it.
Originally GET and POST were intended for different purposes. The one to "get" data from the server and the other to "post" data to the server. In real life this means that a GET querystring is limited, depending on the browser, to about 2000-8000 bytes. A POST query on the other hand is expected to upload files, possibly post large text fields and so forth and so the size of a POST is allowed to be much more than a GET.
But if you take large uploads out of the picture, the simple fact is that a GET and POST are functionally identical once the PHP script is executing. Each arrives as an associative array. If you treat them differently then you are doing so out of respect for conventions that have no direct impact on your program. In cases like this I go back and forth. I will do whatever produces the most reliable code, even if it defies convention, but if there is nothing to be gained by defying convention I will try to go along so as to avoid all the free advice you get from the code police.
The only related thing I could find on Google was this guy ( http://mypetprogrammer.com/blog/?p=15 ) but he seems to erroneously believe that using $_POST somehow saves you from a SQL injection attack. I'm also thinking that some servers don't use the $_REQUEST array. Can you define why it's bad form? When is it considered acceptable to use? Thanks! - B. _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
-- Kenneth Downs Secure Data Software, Inc. www.secdat.com www.andromeda-project.org 631-689-7200 Fax: 631-689-0527 cell: 631-379-0010 _______________________________________________ New York PHP Community Talk Mailing List http://lists.nyphp.org/mailman/listinfo/talk NYPHPCon 2006 Presentations Online http://www.nyphpcon.com Show Your Participation in New York PHP http://www.nyphp.org/show_participation.php
